在电信和网通之间做vpn桥
Idc(电信机房)-----办公室-----cnc(网通机房)
由于网通机房需访问电信idc机房的数据库等一些原因,须架个vpn,网通直接到电信的速度我就不说了,所以嘛,在中间办公室做了个桥
IDC(电信):
Eth0: 222.77.A.72(公ip)
Eth1:10.59.96.72(内ip)
[root@idc]cat start_gre.sh
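#!/bin/bash
# start_gre.sh (telecom IDC host): bring up GRE tunnel "netb" to the office
# bridge host (218.66.B.45) and route the office and CNC prefixes through it.
#
# GRE adds no encryption and no authentication: the inner traffic crosses the
# carrier path in cleartext. The host firewall should permit IP protocol 47
# (GRE) only from the peer address rather than being switched off entirely.
#
# Must run as root. Every step aborts the script on failure so a half-built
# tunnel is not left behind silently, and a second run is refused instead of
# failing half-way through.
set -eu

readonly tun=netb
readonly remote=218.66.B.45    # office bridge host, telecom-side address
readonly local_ip=222.77.A.72  # this host's public address (eth0)
readonly tun_addr=10.59.96.72  # eth1's internal address, reused on the tunnel

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must run as root"
modprobe ip_gre || die "cannot load ip_gre"

# refuse to run twice: 'ip tunnel add' would fail and leave routes unset
if ip link show "$tun" >/dev/null 2>&1; then
  die "tunnel $tun already exists; run stop_gre.sh first"
fi

ip tunnel add "$tun" mode gre remote "$remote" local "$local_ip" ttl 255
ip link set "$tun" up
ip addr add "$tun_addr" dev "$tun"
# office side (10.5/16) and CNC internal subnet (10.59.97/24) sit behind the
# office host, so both are reached via this tunnel
ip route add 10.5.0.0/16 dev "$tun"
ip route add 10.59.97.0/24 dev "$tun"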
[root@idc]cat stop_gre.sh
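#!/bin/bash
# stop_gre.sh (telecom IDC host): tear down GRE tunnel "netb" created by
# start_gre.sh. Safe to rerun: exits quietly if the tunnel is already gone;
# a real failure is reported on stderr instead of being ignored.
set -eu

readonly tun=netb

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must run as root"

if ! ip link show "$tun" >/dev/null 2>&1; then
  printf 'tunnel %s not present, nothing to do\n' "$tun" >&2
  exit 0
fi

ip link set "$tun" down || die "cannot bring $tun down"
# routes bound to the device go away with it, so no explicit 'ip route del'
ip tunnel del "$tun" || die "cannot delete $tun"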
IDC2CNC(办公室):
Eth0:10.5.17.101/24 (内ip)
Eth1:218.66.B.45 (电信ip)
Eth2:220.C.22.2 (网通ip)
[root@idc2cnet ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=idc2cnet.mydomain.com
GATEWAY=218.66.B.60
[root@idc2cnet ~]# cat /etc/rc.local
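# Host route to the CNC peer (X.22.96.34) via the CNC-side gateway 220.C.22.1
# on eth2, so the telecom default gateway from /etc/sysconfig/network is not
# used for this peer -- presumably so the GRE outer packets to CNC leave
# through the CNC link; verify against the tunnel scripts.
# Uses iproute2 like the tunnel scripts (net-tools 'route' is deprecated) and
# 'replace' so re-running rc.local does not fail on an existing route.
ip route replace X.22.96.34/32 via 220.C.22.1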
[root@idc2cnet ~]#cat start_idc.sh
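#!/bin/bash
# start_idc.sh (office bridge host): bring up GRE tunnel "neta" to the telecom
# IDC host (222.77.A.72) and route the IDC internal subnet through it.
#
# GRE adds no encryption and no authentication: the inner traffic crosses the
# carrier path in cleartext. The host firewall should permit IP protocol 47
# (GRE) only from the peer address rather than being switched off entirely.
#
# Must run as root. Every step aborts the script on failure, and a second run
# is refused instead of failing half-way through.
set -eu

readonly tun=neta
readonly remote=222.77.A.72    # telecom IDC host, public address
readonly local_ip=218.66.B.45  # this host's telecom-side address (eth1)
readonly tun_addr=10.5.17.101  # eth0's internal address, reused on the tunnel

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must run as root"
modprobe ip_gre || die "cannot load ip_gre"

# this host relays between the two tunnels, which needs IP forwarding on
if [[ "$(</proc/sys/net/ipv4/ip_forward)" != 1 ]]; then
  printf 'warning: net.ipv4.ip_forward is 0; traffic will not be relayed\n' >&2
fi

# refuse to run twice: 'ip tunnel add' would fail and leave routes unset
if ip link show "$tun" >/dev/null 2>&1; then
  die "tunnel $tun already exists; run stop_idc.sh first"
fi

ip tunnel add "$tun" mode gre remote "$remote" local "$local_ip" ttl 255
ip link set "$tun" up
ip addr add "$tun_addr" dev "$tun"
# IDC internal subnet is reached via this tunnel
ip route add 10.59.96.0/24 dev "$tun"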
[root@idc2cnet ~]#cat stop_idc.sh
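#!/bin/bash
# stop_idc.sh (office bridge host): tear down GRE tunnel "neta" created by
# start_idc.sh. Safe to rerun: exits quietly if the tunnel is already gone;
# a real failure is reported on stderr instead of being ignored.
set -eu

readonly tun=neta

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must run as root"

if ! ip link show "$tun" >/dev/null 2>&1; then
  printf 'tunnel %s not present, nothing to do\n' "$tun" >&2
  exit 0
fi

ip link set "$tun" down || die "cannot bring $tun down"
# routes bound to the device go away with it, so no explicit 'ip route del'
ip tunnel del "$tun" || die "cannot delete $tun"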
[root@idc2cnet ~]#cat start_cnc.sh
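#!/bin/bash
# start_cnc.sh (office bridge host): bring up GRE tunnel "cnc" to the CNC host
# (X.22.96.34) and route the CNC internal subnet through it.
#
# GRE adds no encryption and no authentication: the inner traffic crosses the
# carrier path in cleartext. The host firewall should permit IP protocol 47
# (GRE) only from the peer address rather than being switched off entirely.
#
# Must run as root. Every step aborts the script on failure, and a second run
# is refused instead of failing half-way through.
set -eu

readonly tun=cnc
readonly remote=X.22.96.34     # CNC host, public address
readonly local_ip=220.C.22.2   # this host's CNC-side address (eth2)
readonly tun_addr=10.5.17.101  # eth0's internal address, reused on the tunnel

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must run as root"
modprobe ip_gre || die "cannot load ip_gre"

# this host relays between the two tunnels, which needs IP forwarding on
if [[ "$(</proc/sys/net/ipv4/ip_forward)" != 1 ]]; then
  printf 'warning: net.ipv4.ip_forward is 0; traffic will not be relayed\n' >&2
fi

# refuse to run twice: 'ip tunnel add' would fail and leave routes unset
if ip link show "$tun" >/dev/null 2>&1; then
  die "tunnel $tun already exists; run stop_cnc.sh first"
fi

ip tunnel add "$tun" mode gre remote "$remote" local "$local_ip" ttl 255
ip link set "$tun" up
ip addr add "$tun_addr" dev "$tun"
# CNC internal subnet is reached via this tunnel
ip route add 10.59.97.0/24 dev "$tun"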
[root@idc2cnet ~]#cat stop_cnc.sh
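#!/bin/bash
# stop_cnc.sh (office bridge host): tear down GRE tunnel "cnc" created by
# start_cnc.sh. Safe to rerun: exits quietly if the tunnel is already gone;
# a real failure is reported on stderr instead of being ignored.
set -eu

readonly tun=cnc

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must run as root"

if ! ip link show "$tun" >/dev/null 2>&1; then
  printf 'tunnel %s not present, nothing to do\n' "$tun" >&2
  exit 0
fi

ip link set "$tun" down || die "cannot bring $tun down"
# routes bound to the device go away with it, so no explicit 'ip route del'
ip tunnel del "$tun" || die "cannot delete $tun"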
CNC(网通):
Eth0: X.22.96.34(公ip)
Eth1: 10.59.97.254(内ip)
[root@cnet bin]#cat start_cnc.sh
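#!/bin/bash
# start_cnc.sh (CNC host): bring up GRE tunnel "cnc" to the office bridge host
# (220.C.22.2) and route the IDC internal subnet and the office side through it.
#
# GRE adds no encryption and no authentication: the inner traffic crosses the
# carrier path in cleartext. The host firewall should permit IP protocol 47
# (GRE) only from the peer address rather than being switched off entirely.
#
# Must run as root. Every step aborts the script on failure, and a second run
# is refused instead of failing half-way through.
set -eu

readonly tun=cnc
readonly remote=220.C.22.2     # office bridge host, CNC-side address
readonly local_ip=X.22.96.34   # this host's public address (eth0)
readonly tun_addr=10.59.97.254 # eth1's internal address, reused on the tunnel

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must run as root"
modprobe ip_gre || die "cannot load ip_gre"

# refuse to run twice: 'ip tunnel add' would fail and leave routes unset
if ip link show "$tun" >/dev/null 2>&1; then
  die "tunnel $tun already exists; run stop_cnc.sh first"
fi

ip tunnel add "$tun" mode gre remote "$remote" local "$local_ip" ttl 255
ip link set "$tun" up
ip addr add "$tun_addr" dev "$tun"
# IDC internal subnet (10.59.96/24) and office side (10.5/16) are both
# reached via the office host at the other end of this tunnel
ip route add 10.59.96.0/24 dev "$tun"
ip route add 10.5.0.0/16 dev "$tun"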
[root@cnet bin]#cat stop_cnc.sh
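#!/bin/bash
# stop_cnc.sh (CNC host): tear down GRE tunnel "cnc" created by start_cnc.sh.
# Safe to rerun: exits quietly if the tunnel is already gone; a real failure
# is reported on stderr instead of being ignored.
set -eu

readonly tun=cnc

die() { printf '%s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "must run as root"

if ! ip link show "$tun" >/dev/null 2>&1; then
  printf 'tunnel %s not present, nothing to do\n' "$tun" >&2
  exit 0
fi

ip link set "$tun" down || die "cannot bring $tun down"
# routes bound to the device go away with it, so no explicit 'ip route del'
ip tunnel del "$tun" || die "cannot delete $tun"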
备注:
注意iptables都要关掉
转发都要开net.ipv4.ip_forward = 1
作者:yanyp
From:
http://www.linuxbyte.net/view.php?skin=art&ID=3662